Re: [Samba] CVE-2008-1105
On Fri, Jun 06, 2008 at 11:27:25AM +1200, Derek wrote: Just wanted to confirm whether this CVE affects the 3.0.4 version of Samba.. The samba.org website claims This security advisory is applicable to all Samba 3.0.x releases to date Yet the actual CVE [1] has Versions: Samba 3.0.0 - 3.0.29 (inclusive) The CVE suggests that the version 3.0.4 would not be affected, my confused! I'm not a native english speaker, but I wonder from what term in the CVE you read that 3.0.4 is not affected Volker pgpLxk4mK4A8i.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] do i need posix users/groups in ldap
So correct me if i'm wrong, in order to use the ldap backend, you need to insert the posix users in ldap as well ?? there is no way to get it work, with the normal basic setup (passwd shadow group ect. files) that's odd ?! Collen. Adam Williams wrote: you'll need to put your posix users in ldap, because samba will add the sambaSamAccount values to them in ldap. Collen Blijenberg wrote: Hi all, i'm a bit confused, can i setup samba (3.0.30) with LDAP backend, and have the posix/local linux users and groups reside in the /etc/groups /etc/shadow ect. ect (the standard linux files) ??? or do i have to put them in ldap also ?? (is there a choice?) Greets, Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] push install software with samba
another friendly competitor for deploying windows software is opsi, a GPL-desktop-management system http://www.opsi.org/ opsi stable version 3.2 http://download.uib.de/opsi3.2/doku/ info at http://download.uib.de/opsi3.2/doku/ opsi version 3.3 release candidate 1 will be announced soon. info at http://download.uib.de/opsi3.3/doku/ Regards, Bardo Wolf P.S: I hope this is not taken as an abuse of this list for advertising Hugo Monteiro schrieb: dnk wrote: Godo day all, I used to have a book mark for an open source piece of software that could be used in conjunction with samba to push install software (that supported unattended installs) and windows updates (I think). I for the life of me can not remember what it is called. Does anyone have a URL or two for something like this to work with samba? Thanks! Dnk http://unattended.sourceforge.net/ http://unattended-gui.sourceforge.net/ http://wpkg.org/ Regards, Hugo Monteiro. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] how to reduce footprint of smbd?
Hello This is my first mail for this list, so please be considerately. I'm trying to build a tiny version of samba for an embedded device. currently im using the version 2.2 with a footprint of smbd 2.4M. Thats to much. Is there a way/patch to build smbd without everything beside file exchage? I don't need printer, swat, ldap, support. Just exchange. I have disabled most of the features via .configure but thats not enough. I found a patch for 2.0 which disable some parts of printing. https://dev.openwrt.org/browser/packages/net/samba/patches/100-samba.patch Anybody a solution idea? Best regards Patrick Fischer btw.: I know about samba-ng which is a tiny samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] CVE-2008-1105
Volker Lendecke wrote: Yet the actual CVE [1] has Versions: Samba 3.0.0 - 3.0.29 (inclusive) The CVE suggests that the version 3.0.4 would not be affected, my confused! I'm not a native english speaker, but I wonder from what term in the CVE you read that 3.0.4 is not affected I think this comes from the fact that 0.4 0.29 I know I have had issues in the past trying to explain that it isn't a decimal point and that version 1.10 is later than 1.9 despite the fact that mathematically 1.9 is greater. *Michael Heydon - IT Administrator * [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't join AD anymore after migration to 3.0.30
Thanks Guenther, that is exactly the patch I needed to join my AD-Member back into my Windows 2000-SP4 domain! Jens Guenther Deschner wrote: Jens Nissen wrote: I doff my hat, indeed, my SBS200 is running SP1. (Microsoft never provided updates for SBS2000 beyond SP1, there were individual updates for Windows, Exchange, SQL, IIE ... but they were partially incompatible with SBS2000, so there might be more machines out there!!) I updated to SP4, now I get the next error: NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT Is it possible, that this is already a known issue in Samba 3.2.0 and needs to be back-ported to Samba 3.0.30? See http://lists-archives.org/samba/34051-net-ads-join-fails-with-nt_status_nologon_workstation_trust_account.html Yeah, it's a known issue. Can you please try attached patch? Thanks, Guenther -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] do i need posix users/groups in ldap
Collen Blijenberg wrote: in order to use the ldap backend, you need to insert the posix users in ldap as well ?? there is no way to get it work, with the normal basic setup (passwd shadow group ect. files) that's odd ?! It isn't completely impossible, if you really wanted to have two seperate user dbs I'm sure you could hack something together, but it would completely eliminate the main advantage of LDAP. If you aren't interested in the benefits of having a single db, why are you using LDAP? Why not use one of the other simpler backends? *Michael Heydon - IT Administrator * [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] multiple smb commands (some non AndX) in one packet
On Thu, Jun 05, 2008 at 01:09:15PM -0500, Shirish Pargaonkar wrote: I can't attach a 301MB samba server log file. Is there a way I can upload the file at some location? As far as cifs, it tries to send some commands but does not get a reply for a long time and times out, so everything is stalled. Well, maybe 10MB before the reconnect, bzip2 -9 and you can send it directly to me :-) Volker pgp8cKosaaw3L.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] multiple smb commands (some non AndX) in one packet
On Fri, Jun 6, 2008 at 1:54 AM, Volker Lendecke [EMAIL PROTECTED] wrote: Well, maybe 10MB before the reconnect, bzip2 -9 and you can send it directly to me :-) rzip often compresses log files better than bzip2... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] XP SP3 and posix locking
Hi, the home directories of our users are NFS-mounted from a NetApp filer to our samba server. Everthing was fine until the users installed the service pack 3 for Windows XP on the client machines. Suddenly it was impossible to write MS Office files on the samba share. Word or Excel documents could only be opened in read-only mode. After de-installing SP3 everything worked well again. I found out that setting the samba option posix locking = No resolves the problem. The manual page of smb.conf says: You should never need to disable this parameter. So I think this is only a temporary solution. Microsoft must have changed something regarding the locking mechanism inside the service pack. Any ideas? Our samba environment: Red Hat Enterprise Linux Server release 5.2 (Tikanga) Kernel 2.6.18-53.1.4.el5 Samba 3.0.30 Regards, Dirk Kastens -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] unsafe_string_function_usage_here when linking smbd
I get the prorotype error (uint32 / uint32_t) in include/util_tdb.h regardless of if I use cc or gcc, see [Samba] Failed building 3.0.30 for tru64 4.0F If I modfy include/util_tdb.h changing uint32_t to uint32, and correct the typo (TDB_BASE_OBJ) - (TDBBASE_OBJ) in the Makefile.in, . and use CC=gcc for /configure I get the same result as Kai Lanz. 3 jun 2008 kl. 22.52 skrev Kai Lanz: I'm trying to build 3.0.30 on Alpha/Tru64-4.0G. The configure step works, but make fails when it tries to link smbd: Compiling popt/popt.c Compiling popt/poptconfig.c Compiling popt/popthelp.c Compiling popt/poptparse.c Linking bin/smbd ld: Unresolved: __unsafe_string_function_usage_here_size_t__ gmake: *** [bin/smbd] Error 1 This Should Never Happen :) -- that looks like a message for the developers. How can I track down the cause of this and fix it? Here are some details: I'm using the samba-3.0.30.tar.gz source distribution downloaded from samba.org. I configured the build as follows: env CC=cc LDFLAGS=-L/local/lib CPPFLAGS=-I/local/include ./ configure \ --with-winbind --with-krb5=/local --with-ldap --with-ads (I have to use the vendor cc, because if I try to build with gcc, I get the same errors Bengt Nilsson is reporting about tdb_open, _E__lc_ctype, tdb_traverse, _Eioctl and many others.) Prior to running make, I fixed what appears to be a typo in the Makefile: diff Makefile Makefile.orig 590c590 LIBSMBSHAREMODES_OBJ = libsmb/smb_share_modes.o $(TDBBASE_OBJ) --- LIBSMBSHAREMODES_OBJ = libsmb/smb_share_modes.o $(TDB_BASE_OBJ) Dunno if that's important. Then I ran make like so, using GNU make: limit datasize 1048576 limit memoryuse 2041072 gmake The make process begins by reporting (long lines wrapped): Using FLAGS = -I/usr/local/include -O -D_SAMBA_BUILD_=3 -I/src/pub/samba-3.0.30/source/popt -I/src/pub/samba-3.0.30/source/iniparser/src -Iinclude -I./include - I. -I. -I./lib/replace -I./lib/talloc -I./tdb/include -I./libaddns -I./librpc -DHAVE_CONFIG_H -I/usr/local/include -I/local/include - DLDAP_DEPRECATED -I/src/pub/samba-3.0.30/source/lib -D_SAMBA_BUILD_=3 PICFLAG= -fPIC LIBS = -lproplist -lsecurity -lresolv -lresolv LDFLAGS= -L/usr/local/lib -Wl,-rpath -Wl,/usr/local/lib -L/ local/lib DYNEXP = LDSHFLAGS = -shared -L/usr/local/lib -Wl,-rpath -Wl,/usr/local/ lib -L/local/lib SHLIBEXT = so SONAMEFLAG = -Wl,-soname, Generating smbd/build_options.c This dies with the unresolved complaint from the linker as shown above. My guess is this is a false-positive from safe_string.h -- i.e., there's nothing wrong with the string function calls in the smbd source files, but rather safe_string is mistakenly reporting a problem. Is it possible to muzzle safe_string and just get on with the build? I have previously built 3.0.25 successfully on this same Alpha box. But when I was trying to build 3.0.28 after it came out, I hit the same unsafe_string_function_usage error as I'm now seeing with 3.0.30. At that time I just gave up; this time I'd like to solve the problem. -- Kai Lanz Stanford University School of Earth Sciences -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] XP SP3 and posix locking
Hi, Im running XP SP3 here on samba 2.0.24 and 2.0.28 and no problems here. Louis -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Dirk Kastens Verzonden: vrijdag 6 juni 2008 13:43 Aan: samba@lists.samba.org Onderwerp: [Samba] XP SP3 and posix locking Hi, the home directories of our users are NFS-mounted from a NetApp filer to our samba server. Everthing was fine until the users installed the service pack 3 for Windows XP on the client machines. Suddenly it was impossible to write MS Office files on the samba share. Word or Excel documents could only be opened in read-only mode. After de-installing SP3 everything worked well again. I found out that setting the samba option posix locking = No resolves the problem. The manual page of smb.conf says: You should never need to disable this parameter. So I think this is only a temporary solution. Microsoft must have changed something regarding the locking mechanism inside the service pack. Any ideas? Our samba environment: Red Hat Enterprise Linux Server release 5.2 (Tikanga) Kernel 2.6.18-53.1.4.el5 Samba 3.0.30 Regards, Dirk Kastens -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] unsafe_string_function_usage_here when linking smbd
On Fri, Jun 06, 2008 at 02:16:20PM +0200, Bengt Nilsson wrote: I get the prorotype error (uint32 / uint32_t) in include/util_tdb.h regardless of if I use cc or gcc, see [Samba] Failed building 3.0.30 for tru64 4.0F If I modfy include/util_tdb.h changing uint32_t to uint32, and correct the typo (TDB_BASE_OBJ) - (TDBBASE_OBJ) in the Makefile.in, . and use CC=gcc for /configure I get the same result as Kai Lanz. Hmmm. Just did a ./configure; make on a machine that calls itself OSF1 axp V5.1 2650 alpha and it worked fine for me. Anything I'm missing? I need to reproduce it locally to fix it. Volker pgpfwSM9zmIUk.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] XP SP3 and posix locking
On Fri, Jun 06, 2008 at 01:42:50PM +0200, Dirk Kastens wrote: the home directories of our users are NFS-mounted from a NetApp filer to our samba server. Everthing was fine until the users installed the service pack 3 for Windows XP on the client machines. Suddenly it was impossible to write MS Office files on the samba share. Word or Excel documents could only be opened in read-only mode. After de-installing SP3 everything worked well again. I found out that setting the samba option posix locking = No resolves the problem. The manual page of smb.conf says: You should never need to disable this parameter. So I think this is only a temporary solution. Microsoft must have changed something regarding the locking mechanism inside the service pack. Any ideas? Well, re-export of NFS-imported directories is not recommended and one of the exceptions to you should never... :-) If you have NetApp installed, why re-export via Samba? License issues? Volker pgp7lxTtOlZ2q.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] unsafe_string_function_usage_here when linking smbd
My system is OSF1 V4.0 1229 alpha, login message Digital UNIX V4.0F (Rev. 1229) I also have a OSF1 V5.1 2650 alpha, login message Compaq Tru64 UNIX V5.1B (Rev. 2650). I will try to see if it works better on the 5.1 system.. 6 jun 2008 kl. 14.34 skrev Volker Lendecke: On Fri, Jun 06, 2008 at 02:16:20PM +0200, Bengt Nilsson wrote: I get the prorotype error (uint32 / uint32_t) in include/util_tdb.h regardless of if I use cc or gcc, see [Samba] Failed building 3.0.30 for tru64 4.0F If I modfy include/util_tdb.h changing uint32_t to uint32, and correct the typo (TDB_BASE_OBJ) - (TDBBASE_OBJ) in the Makefile.in, . and use CC=gcc for /configure I get the same result as Kai Lanz. Hmmm. Just did a ./configure; make on a machine that calls itself OSF1 axp V5.1 2650 alpha and it worked fine for me. Anything I'm missing? I need to reproduce it locally to fix it. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] XP SP3 and posix locking
Hi, L.P.H. van Belle wrote: Hi, Im running XP SP3 here on samba 2.0.24 and 2.0.28 and no problems here. It works with local filesystems. I does not work with NFS-mounted filesystem. Regards, Dirk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] XP SP3 and posix locking
Hi, Volker Lendecke wrote: Well, re-export of NFS-imported directories is not recommended and one of the exceptions to you should never... :-) You should not NFS-export NFS-mounted filesystems. I don't know why you shouldn't create a samba share on an NFS-filesystem. Our samba servers are running for many years with NFS-filesystems. That never caused any problems. If you have NetApp installed, why re-export via Samba? License issues? No. CIFS on the NetApp only works with Active Directory. We use LDAP for user authentication so we have to keep our samba servers. Regards, Dirk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] XP SP3 and posix locking
wel how about im having 3 nfs mounts on my samba on 2 different servers 1 debian( export ) 1 sco unix 5.0.7 ( export ) 1 samba server ( nfs mounted ) 8 drive mappings on client pc's linked folders to nfs mounted folders in the users home drive. need i say more. Louis -Oorspronkelijk bericht- Van: Dirk Kastens [mailto:[EMAIL PROTECTED] Verzonden: vrijdag 6 juni 2008 15:08 Aan: L.P.H. van Belle CC: samba@lists.samba.org Onderwerp: Re: [Samba] XP SP3 and posix locking Hi, L.P.H. van Belle wrote: Hi, Im running XP SP3 here on samba 2.0.24 and 2.0.28 and no problems here. It works with local filesystems. I does not work with NFS-mounted filesystem. Regards, Dirk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] XP SP3 and posix locking
On Fri, Jun 06, 2008 at 03:14:08PM +0200, Dirk Kastens wrote: You should not NFS-export NFS-mounted filesystems. I don't know why you shouldn't create a samba share on an NFS-filesystem. Exactly for the problems you've seen. No. CIFS on the NetApp only works with Active Directory. We use LDAP for user authentication so we have to keep our samba servers. Despite what NetApp sales reps try to tell you, NetApp filers work perfectly fine in a Samba domain. Just create a Samba PDC backed by your LDAP (domain logons = yes should be sufficient), join your NetApp box and you're in. Volker pgpai5fW6BuQw.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and ldap referrals
All, If I set up a BDC with a replicated ldap server, can I point the ldap backend and idmap backend options *both* to the localhost and enable a referral on the slave so that writes (ie Idmap updates) will be referred to the master server? I'm running debian unstable with openldap 2.4 (and libs) and Samba 3.0.30. I know I should use the new idmap interface but this is on a production network; I will test the new interface on a sanboxed LAN. Cheers Alex -- This message is intended only for the addressee and may contain confidential information. Unless you are that person, you may not disclose its contents or use it in any way and are requested to delete the message along with any attachments and notify us immediately. Transact is operated by Integrated Financial Arrangements plc Domain House, 5-7 Singer Street, London EC2A 4BQ Tel: (020) 7608 4900 Fax: (020) 7608 1200 (Registered office: as above; Registered in England and Wales under number: 3727592) Authorised and regulated by the Financial Services Authority (entered on the FSA Register; number: 190856) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] XP SP3 and posix locking
Hallo, Dirk, Du (dkastens) meintest am 06.06.08: You should not NFS-export NFS-mounted filesystems. I don't know why you shouldn't create a samba share on an NFS-filesystem. It may work. A school in the neighbourhood runs some shares in these ways - a third server shares some directories for two other servers and their LANs (NFS and Samba). |- Server LAN1 | fileserver-| |- Server LAN2 One LAN has no problems with mounting per NFS, the other has changed to mounting these shares per smbfs (cifs doesn't work ...) because of veeery slow data transfer. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] XP SP3 and posix locking
No. CIFS on the NetApp only works with Active Directory. We use LDAP for user authentication so we have to keep our samba servers. Despite what NetApp sales reps try to tell you, NetApp filers work perfectly fine in a Samba domain. Just create a Samba PDC backed by your LDAP (domain logons = yes should be sufficient), join your NetApp box and you're in. Just to back volker up, our University has been doing this for at least 3 years with no issues at all :) we have about 9000 active users! Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] unsafe_string_function_usage_here when linking smbd
I tried ./configure + make on my 5.1 system and it worked fine. So the problem is for the older Digital UNIX V4.0F system. Do you have access to such a system? 6 jun 2008 kl. 14.34 skrev Volker Lendecke: On Fri, Jun 06, 2008 at 02:16:20PM +0200, Bengt Nilsson wrote: I get the prorotype error (uint32 / uint32_t) in include/util_tdb.h regardless of if I use cc or gcc, see [Samba] Failed building 3.0.30 for tru64 4.0F If I modfy include/util_tdb.h changing uint32_t to uint32, and correct the typo (TDB_BASE_OBJ) - (TDBBASE_OBJ) in the Makefile.in, . and use CC=gcc for /configure I get the same result as Kai Lanz. Hmmm. Just did a ./configure; make on a machine that calls itself OSF1 axp V5.1 2650 alpha and it worked fine for me. Anything I'm missing? I need to reproduce it locally to fix it. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain trusts in samba3 with openLDAP
Apologies, my ldap user/computer ou's in smb.conf were wrong. :-( However the DOMAIN CONTROLLER NOT FOUND error with wbinfo -t in 3.0.30 still holds, and I could not get 3.0.28a to populate the Idmap ou in LDAP, whereas despite the 3.0.30 problem, that release could indeed do so. Cheers Alex On Mon, 2008-06-02 at 14:30 +0100, Alex Crow wrote: Hi, I am having the exact same problem as the user quoted below - I have 3.0.28a installed at both ends (I've tried 3.0.30 but that seems to make wbinfo -t fail with DOMAIN CONTROLLER NOT FOUND errors). It's a bidirectional trust - the end remote to me works fine but the local end reports as below. wbinfo -u/g fails on both ends with Error looking up domain users. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] unsafe_string_function_usage_here when linking smbd
On Fri, Jun 06, 2008 at 03:52:54PM +0200, Bengt Nilsson wrote: I tried ./configure + make on my 5.1 system and it worked fine. So the problem is for the older Digital UNIX V4.0F system. Do you have access to such a system? No, sorry :-) Volker pgpkQL3bit7wV.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] log.winbindd
Which files does the max log size property manage? I'm pretty confident it manages log.smb but what about log.nmbd and log.winbindd. The reason I ask is despite having set max log size, log.winbindd has grown to be a few gigs. I don't know if this is a defect in Samba or an indication I need to use logrotate. Any info would be appreciated, thanks for your time. Adrian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Can not connect to share for a particular user.
Hi again 2008/6/5 Jean-Yves Avenard [EMAIL PROTECTED]: In the smb log file, I would see make_connection: connection to public denied due to security descriptor. A thread bump... No one has ever faced this issue? any solutions by any chance? Thanks JY -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Can not connect to share for a particular user.
On Sat, Jun 07, 2008 at 12:48:44AM +1000, Jean-Yves Avenard wrote: 2008/6/5 Jean-Yves Avenard [EMAIL PROTECTED]: In the smb log file, I would see make_connection: connection to public denied due to security descriptor. A thread bump... No one has ever faced this issue? any solutions by any chance? Did you set access controls with the Windows server manager? If not, and the settings in your smb.conf are everything you need to control access to your shares, then you might want to delete share_info.tdb. Volker pgpytqKMRMSSJ.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] how to reduce footprint of smbd?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Patrick wrote: Hello This is my first mail for this list, so please be considerately. I'm trying to build a tiny version of samba for an embedded device. currently im using the version 2.2 with a footprint of smbd 2.4M. Thats to much. Is there a way/patch to build smbd without everything beside file exchage? I don't need printer, swat, ldap, support. Just exchange. I have disabled most of the features via .configure but thats not enough. I found a patch for 2.0 which disable some parts of printing. https://dev.openwrt.org/browser/packages/net/samba/patches/100-samba.patch Anybody a solution idea? Best regards Patrick Fischer btw.: I know about samba-ng which is a tiny samba You mentioned that you know about samba-ng, but you did not mention what about it does not work for you... what is the issue? - -- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II |$| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFISWKomb+gadEcsb4RAtJyAKCIAl17ThCkdp7LuO8JzMhIpCDfrgCgzYgT ZFRh6ZoojMS7ChkRu4bpte8= =s11h -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] unsafe_string_function_usage_here when linking smbd
On Jun 6, 2008, at 10:10 AM, Herb Lewis wrote: try doing an nm on the suspected .o file and see if the reference to the function is there. That will prove which file(s) is comes from than maybe you can determine which function it comes from. Thanks, but I've already done that; I used nm to confirm that the call to an undefined external function called unsafe_string_function_usage_here_size_t was present in trans2.o and in no other object file under source/smbd. The trouble is there are 27 calls in trans2.c that have been wrapped by safe_string.h and I haven't thought of a way to determine which one is getting replaced by the unsafe_ marker. -- Kai Lanz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] CVE-2008-1105 - clarification request
Hi, The announcement states: Secunia Research reported a vulnerability that allows for the execution of arbitrary code in smbd Does this means arbitrary code executed as root ou as the user that is authenticaded after smdb drops privilegies? Does this affect samba 2.x as well? What versions? Best regards Gustavo -- Angulo Sólido - Tecnologias de Informação http://angulosolido.pt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] limit user connections to PDC
i work in a lab environment, and we'd like to prevent users from logging into 5 machines at once. I've looked through the smb.conf man page pretty thoroughly, but nothing appears to address this problem. Anyone have any ideas, how you can limit the amount of logins a user can have to teh domain? Thanks, Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] CVE-2008-1105 - clarification request
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gustavo Homem wrote: Hi, The announcement states: Secunia Research reported a vulnerability that allows for the execution of arbitrary code in smbd Does this means arbitrary code executed as root ou as the user that is authenticaded after smdb drops privilegies? Potentially either. smbd never drops privileges and can always re-become root. Does this affect samba 2.x as well? What versions? Technically affects Samba 2.2.4 and later. but Samba 2.2 is reached EOL several years ago. cheers, jerry - -- = Samba--- http://www.samba.org Likewise Software - http://www.likewisesoftware.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFISYarIR7qMdg1EfYRAlRYAJ9H2r9BYLx0JTkyXWrgHJTTqNpCSACgzL9m H+R/lv3EeG6Qfk4JISPTfIc= =7wU+ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] CVE-2008-1105 - clarification request
On Friday 06 June 2008 19:49, Gerald (Jerry) Carter wrote: Gustavo Homem wrote: Hi, The announcement states: Secunia Research reported a vulnerability that allows for the execution of arbitrary code in smbd Does this means arbitrary code executed as root ou as the user that is authenticaded after smdb drops privilegies? Potentially either. smbd never drops privileges and can always re-become root. Are you sure about this? ├─smbd─┬─2*[smbd] │ ├─smbd(gustavo) │ └─smbd(asdrubal) From pstree I allways see an smbd process for each user mount. What I want to know is if the vulnerable call is run as the local user or root. Thanks Gustavo Does this affect samba 2.x as well? What versions? Technically affects Samba 2.2.4 and later. but Samba 2.2 is reached EOL several years ago. cheers, jerry -- Angulo Sólido - Tecnologias de Informação http://angulosolido.pt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] unsafe_string_function_usage_here when linking smbd
run script to capture all the following output run gdb trans2.o then run the command x/400i (may need to change the number of lines) search for the offending function call and see where it says it is in the file Kai Lanz wrote: On Jun 6, 2008, at 10:10 AM, Herb Lewis wrote: try doing an nm on the suspected .o file and see if the reference to the function is there. That will prove which file(s) is comes from than maybe you can determine which function it comes from. Thanks, but I've already done that; I used nm to confirm that the call to an undefined external function called unsafe_string_function_usage_here_size_t was present in trans2.o and in no other object file under source/smbd. The trouble is there are 27 calls in trans2.c that have been wrapped by safe_string.h and I haven't thought of a way to determine which one is getting replaced by the unsafe_ marker. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] lazy samba server?
Hi, I recently installed samba (3.0.28) on a linux box as a PDC. The networks has about 20 windows xp professional and a few Linux (all Fedora 8). Basically the server works OK but I have run into a few problems: Initially windows roaming profile was not configured. At that time, sometimes when a user tries to log on a windows machines, it would say server not found and the user wouldn't be able to logon. Later on, roaming profile was configured (and the user profiles are stored on another Linux server), then sometimes when a user tries to log on a windows, it would say the roaming profile was not found and a local profile would be used, or sometimes it would say your local profile can not be found and a temporary profile was used. Up to now, this problem can be resolved by restarting the windows. Both problems do not always happen, so users can use the computers with no problem most of the time. But it is irritating when it happens. I thought I might have installed too much stuff on the PDC, since I checked almost all of the optional package to be installed when Fedora 8 was installed. But the PDC was only used for user athentication and it is not busy at all. I have tried to increase the priority of the smb and nmb processes, but it seems to have no effect. Anybody know what might have caused the problems? Any suggestion is appreciated. George -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] XP SP3 and posix locking
i've had a similar problem for weeks/months now with microsoft word 2003 saying files are read-only, even when the file permissions are 777. i was google searching which said the problem is due to windows desktop search. i uninstalled that but that didn't completely fix it. i'll try posix locking = no Dirk Kastens wrote: Hi, the home directories of our users are NFS-mounted from a NetApp filer to our samba server. Everthing was fine until the users installed the service pack 3 for Windows XP on the client machines. Suddenly it was impossible to write MS Office files on the samba share. Word or Excel documents could only be opened in read-only mode. After de-installing SP3 everything worked well again. I found out that setting the samba option posix locking = No resolves the problem. The manual page of smb.conf says: You should never need to disable this parameter. So I think this is only a temporary solution. Microsoft must have changed something regarding the locking mechanism inside the service pack. Any ideas? Our samba environment: Red Hat Enterprise Linux Server release 5.2 (Tikanga) Kernel 2.6.18-53.1.4.el5 Samba 3.0.30 Regards, Dirk Kastens -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] CVE-2008-1105 - clarification request
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gustavo Homem wrote: On Friday 06 June 2008 19:49, Gerald (Jerry) Carter wrote: Gustavo Homem wrote: Hi, The announcement states: Secunia Research reported a vulnerability that allows for the execution of arbitrary code in smbd Does this means arbitrary code executed as root ou as the user that is authenticaded after smdb drops privilegies? Potentially either. smbd never drops privileges and can always re-become root. Are you sure about this? ├─smbd─┬─2*[smbd] │ ├─smbd(gustavo) │ └─smbd(asdrubal) From pstree I allways see an smbd process for each user mount. Yeah. I'm sure. :-) We change to the effective id of the user to perform certain operations. And then changes back to root when done (with some optimizations to minimize the number of security context switches). What I want to know is if the vulnerable call is run as the local user or root. Potentially either. Treat this as a potential remote root code execution although I've only seen PoC code for clients. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFISZLjIR7qMdg1EfYRAjorAJsEhefQQvefNMjyp2VEIM2IIoC3IgCgkS3D +TVoM9qYcepX+1evg+kK18w= =yaF3 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] CVE-2008-1105 - clarification request
On Friday 06 June 2008 20:41, Gerald (Jerry) Carter wrote: Gustavo Homem wrote: On Friday 06 June 2008 19:49, Gerald (Jerry) Carter wrote: Gustavo Homem wrote: Hi, The announcement states: Secunia Research reported a vulnerability that allows for the execution of arbitrary code in smbd Does this means arbitrary code executed as root ou as the user that is authenticaded after smdb drops privilegies? Potentially either. smbd never drops privileges and can always re-become root. Are you sure about this? ├─smbd─┬─2*[smbd] │ ├─smbd(gustavo) │ └─smbd(asdrubal) From pstree I allways see an smbd process for each user mount. Yeah. I'm sure. :-) We change to the effective id of the user to perform certain operations. And then changes back to root when done (with some optimizations to minimize the number of security context switches). Understood. Thanks for the explanation. What I want to know is if the vulnerable call is run as the local user or root. Potentially either. Treat this as a potential remote root code execution although I've only seen PoC code for clients. ?? Does this vulnerability also affect the samba clients if connecting to an infected server? Best regards Gustavo -- Angulo Sólido - Tecnologias de Informação http://angulosolido.pt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Fwd: [Samba] lazy samba server?
On Fri, Jun 6, 2008 at 3:26 PM, George He [EMAIL PROTECTED] wrote: Hi, I recently installed samba (3.0.28) on a linux box as a PDC. The networks has about 20 windows xp professional and a few Linux (all Fedora 8). Basically the server works OK but I have run into a few problems: Initially windows roaming profile was not configured. At that time, sometimes when a user tries to log on a windows machines, it would say server not found and the user wouldn't be able to logon. Later on, roaming profile was configured (and the user profiles are stored on another Linux server), then sometimes when a user tries to log on a windows, it would say the roaming profile was not found and a local profile would be used, or sometimes it would say your local profile can not be found and a temporary profile was used. Up to now, this problem can be resolved by restarting the windows. Both problems do not always happen, so users can use the computers with no problem most of the time. But it is irritating when it happens. I thought I might have installed too much stuff on the PDC, since I checked almost all of the optional package to be installed when Fedora 8 was installed. But the PDC was only used for user athentication and it is not busy at all. I have tried to increase the priority of the smb and nmb processes, but it seems to have no effect. Anybody know what might have caused the problems? Any suggestion is appreciated. Probably a browsing issue. Do the windows machines find the PDC using dns or wins? If wins have you added the wins server to all of the windows machines? John -- John M. Drescher -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] lazy samba server?
Hi John, when you say wins, do you mean the lmhosts file? No. If you set the PDC to be a wins server then add this ip as the wins server in every windows client the windows machines will find the domain controller. But that should work. Have you added the proper format of a domain controller? Here is a very old example I dug up on how we did this years ago: 10.116.15.13 RADIMGDC0 #PRE #DOM:RADIMG 10.116.15.13 RADIMG \0x1B #PRE So RADIMGDC0 was the PDC on the RADIMG DOMAIN. The part has to be exactly 20 characters. I edited that file on some of the windows machines to list both servers (PDC and file server) but it didn't solve my problems. The other windows machines, which don't have this lmhosts file, I guess they use dns to find the servers? Not unless you added the needed _ldap._tcp.dc._msdcs entries in your dns server. If it can be something else, how do I find out for sure? Go to the windows client and look at the event viewer. You will see errors. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Can not connect to share for a particular user.
Hi Thanks for your help 2008/6/7 Volker Lendecke [EMAIL PROTECTED]: Did you set access controls with the Windows server manager? no, I don't even know what that is If not, and the settings in your smb.conf are everything you need to control access to your shares, then you might want to delete share_info.tdb. I already did ... didn't help :( Jean-Yves -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] lazy samba server?
On Fri, Jun 6, 2008 at 4:15 PM, John Drescher [EMAIL PROTECTED] wrote: Hi John, when you say wins, do you mean the lmhosts file? No. If you set the PDC to be a wins server then add this ip as the wins server in every windows client the windows machines will find the domain controller. But that should work. Have you added the proper format of a domain controller? Here is a very old example I dug up on how we did this years ago: 10.116.15.13 RADIMGDC0 #PRE #DOM:RADIMG 10.116.15.13 RADIMG \0x1B #PRE So RADIMGDC0 was the PDC on the RADIMG DOMAIN. The part has to be exactly 20 characters. sorry John I wasn't clear. When I say lmhosts files, I meant the lmhosts files on the windows clients. The two sample lines you put above do look like what I put in my lmhosts file, except that I don't understand the exactly 20 characters part. Since the sample file lmhosts.sam in C:\windows\system32\drivers\etc doesn't say this, I just listed the two servers I have in this file like this: 1.1.1.1 linux1 #PRE #DOM:MYDOM # this is my PDC 2.2.2.2 linux2 #PRE #DOM:MYDON # this is my file server Is it possible the exactly 20 characters rule was good only years ago? I edited that file on some of the windows machines to list both servers (PDC and file server) but it didn't solve my problems. The other windows machines, which don't have this lmhosts file, I guess they use dns to find the servers? Not unless you added the needed _ldap._tcp.dc._msdcs entries in your dns server. Then how come the other windows clients that don't this lmhosts file can work properly? I have no access to the dns server. If it can be something else, how do I find out for sure? Go to the windows client and look at the event viewer. You will see errors. John The event viewer listed some roaming profile not found errors, local profile not found errors, and some Autoenrollment errors (ID 15). There is basically no help on windows help and support on the last 2 errors. The help on the roaming profile error was old (2004, last update 2007), and it says this is fixed in sp2, but we have updated to sp3, yet stilll get this error, so it's confusing. There is a hotfix on the MS support page, do you think it worth a try? Thanks George -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] lazy samba server?
On Fri, Jun 6, 2008 at 5:08 PM, George He [EMAIL PROTECTED] wrote: On Fri, Jun 6, 2008 at 4:15 PM, John Drescher [EMAIL PROTECTED] wrote: Hi John, when you say wins, do you mean the lmhosts file? No. If you set the PDC to be a wins server then add this ip as the wins server in every windows client the windows machines will find the domain controller. But that should work. Have you added the proper format of a domain controller? Here is a very old example I dug up on how we did this years ago: 10.116.15.13 RADIMGDC0 #PRE #DOM:RADIMG 10.116.15.13 RADIMG \0x1B #PRE So RADIMGDC0 was the PDC on the RADIMG DOMAIN. The part has to be exactly 20 characters. sorry John I wasn't clear. When I say lmhosts files, I meant the lmhosts files on the windows clients. The two sample lines you put above do look like what I put in my lmhosts file, except that I don't understand the exactly 20 characters part. Since the sample file lmhosts.sam in C:\windows\system32\drivers\etc doesn't say this, I just listed the two servers I have in this file like this: 1.1.1.1 linux1 #PRE #DOM:MYDOM # this is my PDC 2.2.2.2 linux2 #PRE #DOM:MYDON # this is my file server Is it possible the exactly 20 characters rule was good only years ago? I am sorry this is 15 before the \0x1B and this is the name of the domain. See here: http://support.microsoft.com/kb/150800 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] add|delete user / group / machine ... scripts, is the API somewhere documented?
Hi folks, are there any more detailed docs about those scripts? I have some annoying issues there and I can't find anything about that in the docs. If using usrmgr.exe is it possible to tweak the add user script that the full name of a user is stored too, like if I add the user manually with adduser (debian) or useradd -c Full Name -m username on (most?) other distros? If I set the full name in usrmgr.exe, it fails and logs nothing about that (log level 3). So my assumption is, it is just not implemented as I did not find a usable variable for the Full Name documented. Did I miss something there? If adding the user via adduser (debian) or useradd -c Full Name -m username on (most?) other distros and smbpasswd -a afterwards, the full name is stored... more or less. In usrmgr.exe and after logged in to a WinXP box and clicking the start button (new XP startmenu style) I see the correct full name but it is shown with three commas afterwards (like in /etc/passwd if not all gecos / comments fields are used). If I use all comment fields for variuos informations (on Debian with adduser it defaults to private / business phone, room Number and miscellaneous, with useradd, for most other distros, I think, this would be like useradd -c 'full name,room number,phone number...') I see exactly all those settings in the field for full name, as so in the startmenu... bug / feature / not implemented yet? Did I miss something there? kind regards Michael -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[SCM] Samba Shared Repository - branch v3-2-stable updated - release-3-2-0rc1-44-g5462e1a
The branch, v3-2-stable has been updated via 5462e1a6bf99fc199053aebe412867f420eb1841 (commit) from b93d927dd440f0009740cf00644f603edf5a8a7c (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-stable - Log - commit 5462e1a6bf99fc199053aebe412867f420eb1841 Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Jun 5 18:54:14 2008 +0200 mailslot: always pull a command 25 type reply. Guenther (cherry picked from commit 1ce726b951621cb4b34069c31d1318fc04ad2389) (cherry picked from commit 80c7fbb4edb29b3c670c21baa5f613b942e68e1e) --- Summary of changes: source/libads/cldap.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/libads/cldap.c b/source/libads/cldap.c index efe13cc..1156506 100644 --- a/source/libads/cldap.c +++ b/source/libads/cldap.c @@ -304,6 +304,7 @@ bool pull_mailslot_cldap_reply(TALLOC_CTX *mem_ctx, case 0x13: /* 19 */ case 0x15: /* 21 */ case 0x17: /* 23 */ + case 0x19: /* 25 */ break; default: DEBUG(1,(got unexpected command: %d (0x%08x)\n, -- Samba Shared Repository